Total
3006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2424 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2419 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | |||||
| CVE-2023-2246 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | |||||
| CVE-2023-2071 | 1 Rockwellautomation | 2 Factorytalk View, Panelview Plus | 2024-11-21 | N/A | 9.8 CRITICAL |
| Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. | |||||
| CVE-2023-2063 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks. | |||||
| CVE-2023-2034 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | |||||
| CVE-2023-29770 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | N/A | 8.8 HIGH |
| In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | |||||
| CVE-2023-29386 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | |||||
| CVE-2023-29384 | 1 Hmplugin | 1 Jobwp | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. | |||||
| CVE-2023-29240 | 1 F5 | 1 Big-iq Centralized Management | 2024-11-21 | N/A | 5.4 MEDIUM |
| An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-29102 | 1 Olivethemes | 1 Olive One Click Demo Import | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | |||||
| CVE-2023-28962 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 5.3 MEDIUM |
| An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 version 21.1R1 and later versions; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | |||||
| CVE-2023-28833 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 2.4 LOW |
| Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources. | |||||
| CVE-2023-28731 | 1 Acymailing | 1 Acymailing | 2024-11-21 | N/A | 9.8 CRITICAL |
| AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | |||||
| CVE-2023-28700 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 6.8 MEDIUM |
| OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. | |||||
| CVE-2023-28699 | 1 Wddgroup | 1 Fantasy | 2024-11-21 | N/A | 8.8 HIGH |
| Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service. | |||||
| CVE-2023-28482 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions). | |||||
| CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls. | |||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | |||||
| CVE-2023-28170 | 1 Themely | 1 Theme Demo Import | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | |||||